Tagged Questions

In cryptography, a key derivation function (or KDF) derives one or more secret keys from a secret value such as a master key or other known information such as a password or passphrase using a pseudo-random function. Keyed cryptographic hash functions are popular examples of pseudo-random functions ...

I've stumbled upon a project that suggests a way of having to remember one password, from which a “per-service password” could be generated by salting the service name using scrypt.
What could be a ...

I'm working on an implementation of Krawczyk and Eronen HKDF from RFC 5869. From Krawczyk's original paper, he identifies four inputs to a KDF in Cryptographic Extraction and Key Derivation: The HKDF ...

If I were to have a 4096-bit file of random data (/dev/random) used as a keyfile for LUKS, would there be any benefit to having a key iteration count higher than 1?
My reasoning is that the attacker ...

Is it possible to have different keys on a lot of (embedded) devices and just have 1 key on a server (to which all these devices connect)? The main point here being when 1 device is compromised this ...

I've been studying up on AES, GCM, CBC, HMAC and a lot of other primitives and am somewhat (a little bit, perhaps) familiar with them; however, I am still a bit wary of the use of the keys and nonce.
...

Let's assume that I generate a high entropy AES master key (through /dev/random for example) and I want to derive it with a fixed-length serial number (12345 for instance).
The derived key is used to ...

I was looking at PBKDF2, bcrypt and scrypt as options for key derivation; and would like to try using them all together in order to get the cryptographic strength of the strongest one (which seems to ...

I am developing a steganography app where the user encrypts any file into an audio file. The user can enter a password to protect the hidden data. The same password is converted as a 256 bit key and the ...

I have a MySQL database that I want to encrypt with AES_ENCRYPT() and have to provide access to a variable and possibly changing number of users.
Is it possible to derive an encryption key based on a ...

I'm really interested in end-to-end encrypted cloud storage and couldn't find out how the following scenario could work:
A user of a cloud provider which provides zero-knowledge-authentication (like for ...

I'm looking for an encryption scheme with the following properties:
There's a sequence of keys that can be used to decrypt the message
Strictly only one key from the sequence is required to decrypt the ...

Say that I define a scheme where the salt is public and is MAC-ed with the message:
$k = KDF(password, salt)$
$tag = MAC_k(salt || message)$
Is it safe to salt the MAC this way? Assume that the salt ...

I want to derive a 256 bit encryption key and a 256 bit MAC key from a single 256 bit master key for an authenticated encryption scheme.
I was considering the following construction to derive the two ...

RC4 has a variable length key. Is it still necessary to use a key derivation function, such as PBKDF2, to initialize it?
Would using a single character password weaken its output when compared to a ...

TOTP (Time-based One-Time Password) Algorithm is used in Two factor authentication. I understand the algorithm and that current time is used as a variable to generate a token. Wiki page for reference: ...

Everyone is comparing bcrypt to scrypt. Bcrypt is proven, lots of cryptanalysis and no vulnerabilities so far, but uses very low memory. While scrypt uses a lot of memory, but it's too early in its ...

I'm a cryptography novice, but I think that the world needs to move towards an "encrypt everything" mentality as much as possible. As a result, I've been thinking a lot about ways to build a web app ...

According to Wikipedia the ECIES algorithm has two optional shared information $S_1$ and $S_2$. They are used as follows:
Generate a random shared secret $Z$ according to ECIES, which will never be ...

I'm working on a project where we need to encrypt a large number of files and store them on the cloud. And I'm wondering if the following process would be secure (we have a “Hardware Security Module” ...

I would like to generate a key which would be good enough to be used for encryption with AES in a mobile environment. My idea is to use as a seed "random attributes" from a mobile device. Is hashing ...

I have a key that is the combination of two shorter keys generated by PBKDF2, which together are more or less 64 bytes long. Now I need to shrink it down to 32 bytes and I'm not sure what to use to do ...

I have this scenario where I use Encrypt-then-MAC (AES256-CBC and HMAC-SHA256) with keys generated by a CSPRNG (specifically, SecureRandom in Java). I'd like to know which is better:
Use the CSPRNG ...

I have an encryption scheme that uses a 256-bit master key, from which 2 separate keys (one for AES-256-CTR encryption and one for a HMAC-SHA256) are derived using HKDF. However, I'm not sure exactly ...